
Graduate student: 韓佑駿
Yu-Jyun Han
Thesis title: 物聯網中採用Transformer及對窗格內封包預處理的入侵檢測系統之設計
Design of an Intrusion Detection System Using Transformer along with Pre-Processing of Window-Based Packets in the Internet of Things
Advisor: 馮輝文
Huei-Wen Ferng
Oral defense committee: 陳冠宇
Kuan-Yu Chen
王紹睿
Shao-Jui Wang
林嘉慶
Jia-Chin Lin
Degree: Master
Department: College of Electrical Engineering and Computer Science - Department of Computer Science and Information Engineering
Year of publication: 2023
Academic year of graduation: 111
Language: Chinese
Number of pages: 144
Keywords (Chinese): 物聯網, 網路安全, 入侵檢測系統, 深度學習
Keywords (English): Internet of Things, Security, Intrusion Detection System, Deep Learning
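  • As the Internet of Things (IoT) is widely applied in many fields, the security threats that accompany it are receiving increasing attention, and many studies therefore focus on strengthening IoT information security, in which the intrusion detection system (IDS) is regarded as an important component. Within IDS research, deep learning-based IDSs have attracted attention for their adaptability and flexibility. Existing work that implements an IDS with deep learning applies deep learning to a single conversation or a single packet and classifies the attack scenario of that conversation or packet to complete the intrusion detection task. However, as more and more attack scenarios are considered, such an IDS performs poorly in detection because it lacks global information about the current network. To solve this problem, the IDS proposed in this master's thesis is window-based: it uses a Transformer model to extract features of the network behavior within a window, and then applies deep learning to those features to classify the attack scenario of the window and complete the intrusion detection task. For the window design, this thesis uses a sliding window so that each window input to the Transformer model contains information from the preceding and following windows. It also divides each window input to the Transformer model into segments of appropriate size, so that an excessive number of packets in a window does not hinder the model from extracting the window's network behavior. Finally, this thesis preprocesses the packets in each segment with respect to their topology, port number, and protocol features, to strengthen the Transformer model's capture of the topology, port number, and protocol information of packets. With this design, the proposed IDS obtains more comprehensive information about the current network than the existing related work, namely [1] and [2], and greatly improves detection performance: accuracy reaches 99.95% and the recall for every attack is above 90%. In addition, to reduce the burden on the main system, this thesis proposes a simplified scheme based on the above method. By simplifying the Transformer model, the number of neurons is reduced by 49% while accuracy still reaches 99.23%, and of the fourteen attack scenarios, nine still have a recall of 90% or higher.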


    With the widespread application of the Internet of Things (IoT) in various fields, the associated cybersecurity threats are gradually receiving more attention. Many studies focus on enhancing the information security of IoT, with the intrusion detection system (IDS) regarded as a crucial component. In IDS research, deep learning-based intrusion detection systems have received significant attention due to their adaptability and flexibility. Current research on implementing an intrusion detection system with deep learning classifies attacks on the basis of individual conversations or individual packets. However, as the number of attack scenarios considered grows, the performance of such an intrusion detection system becomes poor because it lacks global information about the current network. To address this issue, this thesis proposes an intrusion detection system that uses the Transformer model to extract features of the network behaviors within a window. These features are then classified using deep learning to detect attacks. Our design adopts a sliding window so that the input to the Transformer model includes information from the two neighboring windows. Additionally, the window is partitioned into appropriately sized segments to avoid having excessive packets within a window, which may hinder the model's ability to extract network behaviors. Finally, our design preprocesses the features of the packets within each segment, namely topology, port number, and protocol, to enhance the Transformer model's ability to capture the topology, port number, and protocol information.
With the aforementioned design, our proposed intrusion detection system obtains more comprehensive information about the current network than the existing approaches, i.e., [1] and [2], significantly improving its attack detection performance, with accuracy higher than 99.95% and a recall rate over 90% under the various attacks considered. Additionally, to alleviate the burden on the main system, this thesis further proposes a simplified approach based on the aforementioned method by simplifying the Transformer model. This simplified approach reduces the number of neurons by 49% and maintains accuracy above 99.23%. Moreover, the recall rates for 9 out of the 14 attacks considered exceed 90%.

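    Advisor's Recommendation Letter
    Oral Defense Committee Approval
    Chinese Abstract
    Abstract
    Acknowledgments
    Table of Contents
    List of Figures
    List of Tables
    Chapter 1 Introduction
      1.1 Research Background
      1.2 IoT-Related Attacks
      1.3 Intrusion Detection System (IDS)
      1.4 Deep Learning (DL)
      1.5 Research Motivation
      1.6 Thesis Organization
    Chapter 2 Review of Related Literature
      2.1 Introduction to Related Attacks
      2.2 Literature Review of Intrusion Detection Systems
      2.3 Intrusion Detection Systems for DDoS Scenarios
      2.4 Conversation-Level Intrusion Detection Systems for Multiple Types of Attack Scenarios
      2.5 Packet-Level Intrusion Detection Systems for Multiple Types of Attack Scenarios
      2.6 Comparison with Closely Related Papers and Contributions of This Thesis
    Chapter 3 Design of the Method and System Mechanisms
      3.1 Problem Description
      3.2 Method Design
        3.2.1 Network Behaviors of Attacks
        3.2.2 Input Window and Window Segmentation Algorithm
        3.2.3 Feature Selection
        3.2.4 Packet Feature Differentiation
      3.3 Intrusion Detection System Architecture
      3.4 Complexity Analysis of the System
        3.4.1 Space Complexity
        3.4.2 Time Complexity
      3.5 Simplified Scheme of the Intrusion Detection System Proposed in This Thesis
    Chapter 4 Performance Evaluation and Discussion
      4.1 Experimental Environment
        4.1.1 Datasets
        4.1.2 Hardware Specifications
      4.2 Evaluation Metrics
      4.3 System Parameter Settings
      4.4 Design Results of the Detection System
        4.4.1 Window Segmentation Algorithm
        4.4.2 Packet Feature Differentiation
        4.4.3 Choice between LSTM and Transformer
        4.4.4 Performance Evaluation of the Simplified Transformer Model
      4.5 Performance Evaluation of the Proposed Intrusion Detection System on the Edge-IIoTset Dataset
        4.5.1 Precision, Recall, and F1 Score for Binary Classification
        4.5.2 Confusion Matrix, Precision, Recall, and F1 Score for Fifteen-Class Classification
        4.5.3 Detection Time
      4.6 Performance Evaluation of the Proposed Intrusion Detection System on the Bot-IoT Dataset
        4.6.1 Precision, Recall, and F1 Score for Binary Classification
        4.6.2 Confusion Matrix, Precision, Recall, and F1 Score for Five-Class Classification
        4.6.3 Detection Time
    Chapter 5 Conclusion
    References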

    [1] S. I. Popoola, B. Adebisi, M. Hammoudeh, G. Gui, and H. Gacanin, “Hybrid Deep Learning for Botnet Attack Detection in the Internet-of-Things Networks,” IEEE Internet of Things Journal, vol. 8, pp. 4944–4956, October 2021.
    [2] M. A. Ferrag, O. Friha, D. Hamouda, L. Maglaras, and H. Janicke, “Edge-IIoTset: A New Comprehensive Realistic Cyber Security Dataset of IoT and IIoT Applications for Centralized and Federated Learning,” IEEE Access, vol. 10, pp. 40281–40306, April 2022.
    [3] “One Hot Encoding in Machine Learning,” 2018. https://www.geeksforgeeks.org/ml-one-hot-encoding-of-datasets-in-python/.
    [4] “Use Embedding Layer To Process Text,” 2021. https://clay-atlas.com/us/blog/2021/07/26/pytorch-en-embedding-layer-process-text/.
    [5] M. Wollschlaeger, T. Sauter, and J. Jasperneite, “The Future of Industrial Communication: Automation Networks in the Era of the Internet of Things and Industry 4.0,” IEEE Industrial Electronics Magazine, vol. 11, pp. 17–27, March 2017.
    [6] Y. Mehmood, F. Ahmad, I. Yaqoob, A. Adnane, M. Imran, and S. Guizani, “Internet-of-Things-Based Smart Cities: Recent Advances and Challenges,” IEEE Communications Magazine, vol. 55, pp. 16–24, September 2017.
    [7] A. Ghubaish, T. Salman, M. Zolanvari, D. Unal, A. Al-Ali, and R. Jain, “Recent Advances in the Internet-of-Medical-Things (IoMT) Systems Security,” IEEE Internet of Things Journal, vol. 8, pp. 8707–8718, December 2021.
    [8] J. Zhou, Z. Cao, X. Dong, and A. V. Vasilakos, “Security and Privacy for Cloud-based IoT: Challenges,” IEEE Communications Magazine, vol. 55, pp. 26–33, January 2017.
    [9] Y. Yang, L. Wu, G. Yin, L. Li, and H. Zhao, “A Survey on Security and Privacy Issues in Internet-of-Things,” IEEE Internet of Things Journal, vol. 4, pp. 1250–1258, April 2017.
    [10] “Heightened DDoS Threat Posed by Mirai and Other Botnets,” 2016. www.us-cert.gov/ncas/alerts/TA16-288A.
    [11] N. Scaife, P. Traynor, and K. Butler, “Making Sense of the Ransomware Mess and Planning a Sensible Path Forward,” IEEE Potentials, vol. 36, pp. 28–31, November 2017.
    [12] “Hackers Remotely Kill a Jeep on the Highway—With Me in It,” 2015. https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway.
    [13] B. R, S. Deepajothi, P. G, D. T, P. Karthikeyan, and V. S, “Survey on Intrusions Detection System using Deep learning in IoT Environment,” in Proc. International Conference on Sustainable Computing and Data Communication Systems (ICSCDS), pp. 195–199, April 2022.
    [14] S. Abdelhamid, M. Aref, I. Hegazy, and M. Roushdy, “A Survey on Learning-based Intrusion Detection Systems for IoT Networks,” in Proc. International Conference on Intelligent Computing and Information Systems (ICICIS), pp. 278–288, February 2021.
    [15] A. Jamalipour and S. Murali, “A Taxonomy of Machine-Learning-Based Intrusion Detection Systems for the Internet of Things: A Survey,” IEEE Internet of Things Journal, vol. 9, pp. 9444–9466, November 2022.
    [16] F. Hussain, R. Hussain, S. A. Hassan, and E. Hossain, “Machine Learning in IoT Security: Current Solutions and Future Challenges,” IEEE Communications Surveys & Tutorials, vol. 22, pp. 1686–1721, April 2020.
    [17] D. T. Rahmantyo, B. Erfianto, and G. B. Satrya, “Deep Residual CNN for Preventing Botnet Attacks on The Internet of Things,” in Proc. International Conference of Computer and Informatics Engineering (IC2IE), pp. 462–466, December 2021.
    [18] L. Zou, Y. Wei, L. Ma, and S. Leng, “Feature-Attended Multi-Flow LSTM for Anomaly Detection in Internet of Things,” in Proc. IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), pp. 1–6, June 2022.
    [19] F. Sattari, A. H. Farooqi, Z. Qadir, B. Raza, H. Nazari, and M. Almutiry, “A Hybrid Deep Learning Approach for Bottleneck Detection in IoT,” IEEE Access, vol. 10, pp. 77039–77053, July 2022.
    [20] J. Gadge and A. A. Patil, “Port scan detection,” in Proc. IEEE International Conference on Networks, pp. 1–6, August 2008.
    [21] M. Lastovicka, T. Jirsik, P. Celeda, S. Spacek, and D. Filakovsky, “Passive os fingerprinting methods in the jungle of wireless networks,” in Proc. IEEE/IFIP Network Operations and Management Symposium(NOMS), pp. 1–9, July 2018.
    [22] “What is Vulnerability Scanning and How Does It Work?,” 2023. https://www.esecurityplanet.com/networks/vulnerability_scanning_what_it_is_and_how_to_do_it_right.
    [23] L. K. Shar and H. B. K. Tan, “Defending against Cross-Site Scripting Attacks,” Computer, vol. 45, pp. 55–62, August 2012.
    [24] L. K. Shar and H. B. K. Tan, “Defeating SQL Injection,” Computer, vol. 46, pp. 69–77, August 2013.
    [25] “Malicious File Upload,” 2023. https://trendmicro-appsec.awsworkshop.io/30_lambda/42_file_upload.html.
    [26] “What is Password Cracking?,” 2021. https://www.techtarget.com/searchsecurity/definition/password-cracker.
    [27] D. Javeed and U. MohammedBadamasi, “Man in the Middle Attacks: Analysis, Motivation and Prevention,” International Journal of Computer Networks and Communications Security, vol. no.08, pp. 52–58, July 2020.
    [28] “What is a Backdoor Attack? Tips for Detection and Prevention,” 2023. https://www.techtarget.com/searchsecurity/definition/back-door.
    [29] A. L. Young and M. Yung, “On Ransomware and Envisioning the Enemy of Tomorrow,” Computer, vol. 50, pp. 82–85, November 2017.
    [30] C. Tsfaty and M. Fire, “Malicious Source Code Detection Using Transformer,” September 2022.
    [31] D. Zou, S. Wang, S. Xu, Z. Li, and H. Jin, “VulDeePecker: A Deep Learning-Based System for Multiclass Vulnerability Detection,” IEEE Transactions on Dependable and Secure Computing, vol. 18, pp. 2224–2236, January 2021.
    [32] N. T. Islam, G. De La Torre Parra, D. Manuel, E. Bou-Harb, and P. Najafirad, “An Unbiased Transformer Source Code Learning with Semantic Vulnerability Graph,” in Proc. IEEE European Symposium on Security and Privacy, pp. 144–159, April 2023.
    [33] V. Raychev, P. Bielik, and M. Vechev, “Probabilistic Model for Code with Decision Trees,” SIGPLAN Not., vol. 51, October 2016.
    [34] R. Alguliyev, L. Sukhostat, and A. Mammadov, “Anomaly detection in cyberphysical systems based on bigru-vae,” in Proc. International Conference on Application of Information and Communication Technologies, pp. 1–5, October 2022.
    [35] K. Abdelli, J. Y. Cho, F. Azendorf, H. Griesser, C. Tropschug, and S. Pachnicke, “Machine-Learning-Based Anomaly Detection in Optical Fiber Monitoring,” Journal of Optical Communications and Networking, vol. 14, pp. 365–375, July 2022.
    [36] I. Ghafir, K. G. Kyriakopoulos, F. J. Aparicio-Navarro, S. Lambotharan, B. Assadhan, and H. Binsalleeh, “A Basic Probability Assignment Methodology for Unsupervised Wireless Intrusion Detection,” IEEE Access, vol. 6, pp. 40008–40023, July 2018.
    [37] Y. Meidan, M. Bohadana, Y. Mathov, Y. Mirsky, A. Shabtai, D. Breitenbacher, and Y. Elovici, “N-BaIoT—Network-Based Detection of IoT Botnet Attacks Using Deep Autoencoders,” IEEE Pervasive Computing, vol. 17, pp. 12–22, July 2018.
    [38] F. Hussain, S. G. Abbas, I. M. Pires, S. Tanveer, U. U. Fayyaz, N. M. Garcia, G. A. Shah, and F. Shahzad, “A Two-Fold Machine Learning Approach to Prevent and Detect IoT Botnet Attacks,” IEEE Access, vol. 9, pp. 163412–163430, November 2021.
    [39] I. Sharafaldin, A. H. Lashkari, S. Hakak, and A. A. Ghorbani, “Developing Realistic Distributed Denial of Service (DDoS) Attack Dataset and Taxonomy,” in Proc. International Carnahan Conference on Security Technology (ICCST), pp. 1–8, October 2019.
    [40] M. A. Razib, D. Javeed, M. T. Khan, R. Alkanhel, and M. S. A. Muthanna, “Cyber Threats Detection in Smart Environments Using SDN-Enabled DNN-LSTM Hybrid Framework,” IEEE Access, vol. 10, pp. 53015–53026, May 2022.
    [41] J. G. Almaraz-Rivera, J. A. Perez-Diaz, J. A. Cantoral-Ceballos, J. F. Botero, and L. A. Trejo, “Toward the Protection of IoT Networks: Introducing the LATAMDDoS-IoT Dataset,” IEEE Access, vol. 10, pp. 106909–106920, October 2022.
    [42] B. I. Hairab, M. Said Elsayed, A. D. Jurcut, and M. A. Azer, “Anomaly Detection Based on CNN and Regularization Techniques Against Zero-Day Attacks in IoT Networks,” IEEE Access, vol. 10, pp. 98427–98440, September 2022.
    [43] N. Moustafa, “The Bot-IoT dataset,” 2019.
    [44] M. A. Ferrag, O. Friha, D. Hamouda, L. Maglaras, and H. Janicke, “Edge-IIoTset: A New Comprehensive Realistic Cyber Security Dataset of IoT and IIot Applications: Centralized and Federated Learning,” 2022.
    [45] K. Cho, B. van Merrienboer, C. Gulcehre, D. Bahdanau, F. Bougares, H. Schwenk, and Y. Bengio, “Learning Phrase Representations using RNN Encoder-Decoder for Statistical Machine Translation,” June 2014.
    [46] H. Xia, C. Ding, and Y. Liu, “Sentiment Analysis Model Based on Self-Attention and Character-Level Embedding,” IEEE Access, vol. 8, pp. 184614–184620, October 2020.
    [47] W. Zhao, H. Gao, S. Chen, and N. Wang, “Generative Multi-Task Learning for Text Classification,” IEEE Access, vol. 8, pp. 86380–86387, May 2020.
    [48] A. Vaswani, N. Shazeer, N. Parmar, J. Uszkoreit, L. Jones, A. N. Gomez, L. Kaiser, and I. Polosukhin, “Attention Is All You Need,” arXiv, June 2017.

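    Full-text release date: 2025/08/31 (campus network)
    Full-text release date: 2025/08/31 (off-campus network)
    Full-text release date: 2025/08/31 (National Central Library: National Digital Library of Theses and Dissertations in Taiwan)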